PT-2017-1415 · Mediatek+1 · Command Queue Driver+5

Published

2017-03-08

Updated

2019-10-03

CVE-2017-0505

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Android (affected versions not specified)

Description The issue is related to insufficient access control in various MediaTek components, including the M4U driver, sound driver, touchscreen driver, GPU driver, and Command Queue driver, in the Android operating system. This could allow a remote attacker to execute arbitrary code and potentially lead to complete device failure, requiring the device to be re-flashed. A local malicious application may also exploit this issue to execute arbitrary code within the context of the kernel, potentially resulting in a local permanent device compromise.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

BDU:2017-00555

CVE-2017-0505

Affected Products

Android

Command Queue Driver

Gpu Driver

M4U Driver

Sound Driver

Touchscreen Driver

PT-2017-1415 · Mediatek+1 · Command Queue Driver+5

CVE-2017-0505

Weakness Enumeration

Related Identifiers

Affected Products

References · 11